diff options
| author | Chris McDonough <chrism@agendaless.com> | 2009-05-27 04:52:51 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2009-05-27 04:52:51 +0000 |
| commit | a1a9fb7128c935848b17c0ce6586991098a17f07 (patch) | |
| tree | 5160f28be92202033c693caa335f8b9cda3c6379 /repoze/bfg/authentication.py | |
| parent | 08ead74d05e25f58c83712f6f8651484ddc983d0 (diff) | |
| download | pyramid-a1a9fb7128c935848b17c0ce6586991098a17f07.tar.gz pyramid-a1a9fb7128c935848b17c0ce6586991098a17f07.tar.bz2 pyramid-a1a9fb7128c935848b17c0ce6586991098a17f07.zip | |
Merge authchanges branch to trunk.
Diffstat (limited to 'repoze/bfg/authentication.py')
| -rw-r--r-- | repoze/bfg/authentication.py | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/repoze/bfg/authentication.py b/repoze/bfg/authentication.py new file mode 100644 index 000000000..487a5e6a8 --- /dev/null +++ b/repoze/bfg/authentication.py @@ -0,0 +1,86 @@ +from zope.interface import implements +from repoze.bfg.interfaces import IAuthenticationPolicy +from repoze.bfg.security import Everyone +from repoze.bfg.security import Authenticated + +class RepozeWho1AuthenticationPolicy(object): + """ A BFG authentication policy which obtains data from the + repoze.who 1.X WSGI API """ + implements(IAuthenticationPolicy) + identifier_name = 'auth_tkt' + + def _get_identity(self, request): + return request.environ.get('repoze.who.identity') + + def _get_identifier(self, request): + plugins = request.environ.get('repoze.who.plugins') + if plugins is None: + return None + identifier = plugins[self.identifier_name] + return identifier + + def authenticated_userid(self, context, request): + identity = self._get_identity(request) + if identity is None: + return None + return identity['repoze.who.userid'] + + def effective_principals(self, context, request): + effective_principals = [Everyone] + identity = self._get_identity(request) + if identity is None: + return effective_principals + + effective_principals.append(Authenticated) + userid = identity['repoze.who.userid'] + groups = identity.get('groups', []) + effective_principals.append(userid) + effective_principals.extend(groups) + + return effective_principals + + def remember(self, context, request, principal, **kw): + identifier = self._get_identifier(request) + if identifier is None: + return [] + environ = request.environ + identity = {'repoze.who.userid':principal} + return identifier.remember(environ, identity) + + def forget(self, context, request): + identifier = self._get_identifier(request) + if identifier is None: + return [] + identity = self._get_identity(request) + return identifier.forget(request.environ, identity) + +class RemoteUserAuthenticationPolicy(object): + """ A BFG authentication policy which obtains data from the + REMOTE_USER WSGI envvar """ + implements(IAuthenticationPolicy) + + def _get_identity(self, request): + return request.environ.get('REMOTE_USER') + + def authenticated_userid(self, context, request): + identity = self._get_identity(request) + if identity is None: + return None + return identity + + def effective_principals(self, context, request): + effective_principals = [Everyone] + identity = self._get_identity(request) + if identity is None: + return effective_principals + + effective_principals.append(Authenticated) + effective_principals.append(identity) + + return effective_principals + + def remember(self, context, request, principal, **kw): + return [] + + def forget(self, context, request): + return [] |